package com.liujun.microserver.auth2.webjoin.server.security;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;

/**
 * 用来实现url的访问设置
 * 
 * @author liujun
 * @date 2018/07/08
 * @date 2018/07/08 12:11:54
 */
@Configuration
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

	@Autowired
	private UserDetailsService userDetailsService;

	@Override
	protected void configure(AuthenticationManagerBuilder auth) throws Exception {
		auth.userDetailsService(userDetailsService);
	}

	@Override
	protected void configure(HttpSecurity http) throws Exception {
		http.authorizeRequests().antMatchers("/", "index.html")
				// 指定任何人都可以使用url。
				.permitAll()
				// 所有请求
				.anyRequest()
				// 指定任何经过身份验证的用户都允许url。
				.authenticated().and()
				// 基于表单的验证
				.formLogin().and()
				// 支持退出
				.logout().permitAll().and()
				// 添加CSRF的支持。在使用时默认激活
				.csrf()
				// 禁用
				.disable();
	}

}
